public void Analyze(UdpPacket udpPacket)
{
NetworkLayerObject credential = this._kerberosParser.Parse(udpPacket);
if (credential != null)
{
// Raise event.
this.ParsedItemDetected(this, new ParsedItemDetectedEventArgs()
{
ParsedItem = credential
});
}
}
public void Analyze(TcpSession tcpSession)
{
foreach (var parsrer in this._passwordParsers)
{
NetworkLayerObject credential = parsrer.Parse(tcpSession);
if (credential != null)
{
// Raise event.
this.ParsedItemDetected(this, new ParsedItemDetectedEventArgs()
{
ParsedItem = credential
});
}
}
}
public NetworkLayerObject Parse(TcpSession tcpSession)
{
NetworkLayerObject credential = null;
var sessionData = Encoding.ASCII.GetString(tcpSession.Data);
if ((credential = SearchImapPlaintextLogin(tcpSession, sessionData)) != null)
{
return(credential);
}
else if ((credential = SearchImapAuthenticateLogin(tcpSession, sessionData)) != null)
{
return(credential);
}
else if ((credential = SearchImapCramMd5Hash(tcpSession, sessionData)) != null)
{
return(credential);
}
return(credential);
}
public NetworkLayerObject Parse(TcpSession tcpSession)
{
// TODO: determine the autentication direction
NetworkLayerObject credential = null;
var sessionData = Encoding.ASCII.GetString(tcpSession.Data);
if ((credential = SearchSmtpAuthLogin(tcpSession, sessionData)) != null)
{
return(credential);
}
if ((credential = SearchSmtpAuthPlain(tcpSession, sessionData)) != null)
{
return(credential);
}
if ((credential = SearchSmtpCramMd5(tcpSession, sessionData)) != null)
{
return(credential);
}
return(credential);
}
public void AnalyzeGeneric(object item)
{
NetworkLayerObject credential = null;
foreach (var parsrer in this._passwordParsers)
{
if (item is TcpPacket)
{
credential = SafeRun(x => parsrer.Parse(x as TcpPacket), item as TcpPacket);
}
else if (item is TcpSession)
{
credential = SafeRun(x => parsrer.Parse(x as TcpSession), item as TcpSession);
}
else if (item is UdpPacket)
{
credential = SafeRun(x => parsrer.Parse(x as UdpPacket), item as UdpPacket);
}
else if (item is UdpStream)
{
// Nothing to do.
}
else
{
throw new Exception("Unsupported type for password module");
}
if (credential != null)
{
// Raise event.
this.ParsedItemDetected(this, new ParsedItemDetectedEventArgs()
{
ParsedItem = credential
});
}
}
}